Comments on: Spam and our responsible behaviour http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/ Think Different and Act, soon there is no nature left to save! Sat, 06 Mar 2010 18:23:16 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Brian White http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/comment-page-1/#comment-30 Brian White Mon, 27 Nov 2006 14:49:24 +0000 http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/#comment-30 <p>That reminds me of another item! My corporate firewall includes rules to block outgoing SMTP traffic unless it is being sent via a trusted email server. That prevents mail worms that include their own SMTP engine from being able to spread outwards. I wrote this up in a new <a href="http://blog.riverworth.com/index.php/2006/11/27/outgoing-email-protection/" rel="nofollow">email egress rules</a> article.</p> That reminds me of another item! My corporate firewall includes rules to block outgoing SMTP traffic unless it is being sent via a trusted email server. That prevents mail worms that include their own SMTP engine from being able to spread outwards. I wrote this up in a new email egress rules article.

]]> By: Eric http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/comment-page-1/#comment-29 Eric Mon, 27 Nov 2006 09:43:07 +0000 http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/#comment-29 <p>Hey Brian,</p> <p>read your article, good stuff in there and some comments are also revelant.</p> <p>Running a firewall on each server in a lan network is something I'd say is basic good sense. Having an extra independant firewall box between your lan and wan is another one if you can pay it. It is true when you have heavy traffic a firewall can become a load to much for a server. If the outer wall already filters out crap, pings, ddos etc... your lan firewalls just have their basic work to do in a lazy manner. As I always say, there is no OVER protected machine, wan or lan. Once you open it to the outside via a network, wan or lan.. it is open to attacks, malicious code etc. And many don't belief it till they have their machine down... as usual, most learn the hard way ;)</p> <p>Here at work we have multiple layers to the wan but didn't have much for the internal nertwork, till... someone popped in a usb key with a virus (not intended) and apocalyps started :) one thing good, we didn't infect the outside world since the layer prevented to spread to wan... but heuu who cared with over 100 machines to clean ;)infected....</p> Hey Brian,

read your article, good stuff in there and some comments are also revelant.

Running a firewall on each server in a lan network is something I’d say is basic good sense. Having an extra independant firewall box between your lan and wan is another one if you can pay it. It is true when you have heavy traffic a firewall can become a load to much for a server. If the outer wall already filters out crap, pings, ddos etc… your lan firewalls just have their basic work to do in a lazy manner.
As I always say, there is no OVER protected machine, wan or lan. Once you open it to the outside via a network, wan or lan.. it is open to attacks, malicious code etc.
And many don’t belief it till they have their machine down… as usual, most learn the hard way ;)

Here at work we have multiple layers to the wan but didn’t have much for the internal nertwork, till… someone popped in a usb key with a virus (not intended) and apocalyps started :) one thing good, we didn’t infect the outside world since the layer prevented to spread to wan… but heuu who cared with over 100 machines to clean ;) infected….

]]> By: Brian White http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/comment-page-1/#comment-28 Brian White Mon, 27 Nov 2006 02:27:47 +0000 http://www.distant-help.com/2006/11/26/spam-and-our-responsible-behaviour/#comment-28 <p>Good article. You mention firewalls in your text and I just want to warn people not to put too much trust in them. They're important to have, but always assume they'll be breached and have secondary security measures. That's why it's important not to put external services behind a firewall with private computers. If the service has a security hole, all the private hosts are now vulnerable. I've written more about this on my <a href="http://blog.riverworth.com/index.php/2006/10/31/distributed-security/" rel="nofollow">firewall placement</a> page.</p> Good article. You mention firewalls in your text and I just want to warn people not to put too much trust in them. They’re important to have, but always assume they’ll be breached and have secondary security measures. That’s why it’s important not to put external services behind a firewall with private computers. If the service has a security hole, all the private hosts are now vulnerable. I’ve written more about this on my firewall placement page.

]]>